The present invention relates in general to automotive vehicle security/access systems, and, more specifically, to a biometric-controlled vehicle system that protects users' biometric data by removing it from memory after predefined sunset periods.
Vehicle security systems limit access into a vehicle and restrict vehicle operation to an owner and other authorized users while maintaining user convenience and simplicity. Traditional mechanical keys for door locks and ignition locks have generally been replaced by electronic (e.g., wireless) keys and fobs, keypads, keycards, and smartphones as access control devices. Personalization of various vehicle attributes and features can be implemented based on recognition of individual users as a result of unique identifiers provided by their respective access control devices.
In one such system, a vehicle is equipped with a push-to-start (PTS) button, which generates vehicle ignition signals that are recognized as valid if the user carries a recognized wireless fob. To correctly match personalization features to the intended users, any particular fob needs to always be in the possession of the proper user. However, fobs could be easily mixed up in a household. Moreover, the number of separately recognizable users is limited by the number of physical fobs purchased and programmed to the vehicle, requiring additional user expense if more than an initial number of fobs is desired (e.g., for an increased number of drivers). Consequently, biometric scanning techniques have been introduced to provide greater capacity in differentiating unique individuals and for providing greater security with a high level of convenience. For example, U.S. Pat. No. 9,381,890 discloses a biometric fingerprint scanner that can be integrated into the PTS button.
Biometric data that can be used in connection with vehicle access and user identification include image data, voice data, fingerprint data, and many other types of data that can be detected within a vehicle environment. A typical biometric access and personalization system and associated administration of users' biometric information is disclosed in U.S. Pat. No. 9,275,208, which is incorporated by reference in its entirety.
For storage on a vehicle, the biometric data of users is often encrypted and otherwise secured against copying or misuse. In particular, collection and storage of biometric data should conform to established standards for protecting personally identifiable information (PII). Even though encrypted storage on the vehicle can be robust, data protection remains a concern in view of the long lifecycle of a typical vehicle and the likelihood of vehicle possession/ownership changing during that lifecycle. Therefore, provision is made in U.S. Pat. No. 9,275,208 for deleting a user's biometric data on demand. It is also known to specify a fixed deletion date in advance when biometric data is first recorded for a user.
For example, a vehicle may often be acquired by lease. The primary lessee/user can enroll themselves and others to use biometric features by storing their corresponding biometric data. The lessee/user(s) could specify a sunset time for the data to correspond with the end of the lease period. The biometric data would expire (and be deleted) once the sunset duration is reached, regardless of whether the vehicle has been stolen or transferred or the lease has expired.
In another example, a vehicle can be hired out by a rental company using biometric-based features to avoid having to surrender a physical key or other form of vehicle authorization. Based on the duration of the rental, the renter can set a validity period (e.g., a time duration or a distance) for a biometric key. The rentee would enroll into the rental vehicle and could be given the option of increasing the validity period for further compensation. If the data is not automatically deleted at the termination of the authorized usage, the renting company will manually erase the rentee's biometric data at vehicle check-in.
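The lease and rental scenarios above both reduce to the same mechanism: an enrollment record carries a sunset limit expressed as time, distance, or both, the vehicle purges expired records whenever it consults the store, the limit can be extended (the rental "further compensation" case), and a record can be erased on demand. The following Python is an added illustration of that mechanism written for this page; it is not code from the patent or from any vehicle system it cites. It assumes the biometric template is an opaque, already-encrypted byte string, that the vehicle supplies the current time and odometer reading on every call, and that zero-filling the buffer before discarding it is an acceptable best-effort wipe in a garbage-collected language.

```python
"""Biometric enrollment store with sunset-based deletion (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Enrollment:
    user_id: str
    template: bytearray                  # opaque encrypted template (assumed)
    sunset_time: Optional[float]         # absolute epoch seconds; None = no time limit
    sunset_odometer_km: Optional[float]  # absolute odometer reading; None = no distance limit


class BiometricStore:
    """In-memory enrollment store; every lookup purges expired records first."""

    def __init__(self) -> None:
        self._records: Dict[str, Enrollment] = {}

    def enroll(self, user_id: str, template: bytes, now: float, odometer_km: float,
               validity_seconds: Optional[float] = None,
               validity_km: Optional[float] = None) -> None:
        # Refuse open-ended enrollments: every record must eventually sunset.
        if validity_seconds is None and validity_km is None:
            raise ValueError("an enrollment must carry at least one sunset limit")
        self._records[user_id] = Enrollment(
            user_id=user_id,
            template=bytearray(template),
            sunset_time=None if validity_seconds is None else now + validity_seconds,
            sunset_odometer_km=None if validity_km is None else odometer_km + validity_km,
        )

    def extend(self, user_id: str, extra_seconds: float = 0.0, extra_km: float = 0.0) -> None:
        """Lengthen an existing validity period (e.g. a renter paying for more time)."""
        rec = self._records[user_id]
        if rec.sunset_time is not None:
            rec.sunset_time += extra_seconds
        if rec.sunset_odometer_km is not None:
            rec.sunset_odometer_km += extra_km

    @staticmethod
    def _expired(rec: Enrollment, now: float, odometer_km: float) -> bool:
        # Whichever limit is reached first ends the enrollment.
        by_time = rec.sunset_time is not None and now >= rec.sunset_time
        by_distance = (rec.sunset_odometer_km is not None
                       and odometer_km >= rec.sunset_odometer_km)
        return by_time or by_distance

    def delete(self, user_id: str) -> bool:
        """On-demand erase: overwrite the template buffer, then drop the record."""
        rec = self._records.pop(user_id, None)
        if rec is None:
            return False
        rec.template[:] = bytes(len(rec.template))  # best-effort zero fill
        return True

    def purge_expired(self, now: float, odometer_km: float) -> List[str]:
        """Delete every record whose sunset has passed; returns the purged user ids."""
        expired = [uid for uid, rec in self._records.items()
                   if self._expired(rec, now, odometer_km)]
        for uid in expired:
            self.delete(uid)
        return expired

    def template_for(self, user_id: str, now: float, odometer_km: float) -> Optional[bytes]:
        """Fetch a template for matching; expired data is never handed out."""
        self.purge_expired(now, odometer_km)
        rec = self._records.get(user_id)
        return None if rec is None else bytes(rec.template)

    def active_users(self) -> List[str]:
        return sorted(self._records)


if __name__ == "__main__":
    # Constructed walk-through: a lessee with a time-only sunset and a
    # rental customer limited by both time and distance.
    store = BiometricStore()
    store.enroll("lessee", b"\x01\x02", now=1000.0, odometer_km=10000.0, validity_seconds=3600)
    store.enroll("rentee", b"\x03\x04", now=1000.0, odometer_km=10000.0,
                 validity_seconds=86400, validity_km=50)
    print("purged after 50 km:", store.purge_expired(2000.0, 10050.0))
    print("still enrolled:", store.active_users())
```

The point worth noticing is that expiry is evaluated on every access rather than by a background timer, so a record that has passed its sunset is never matched against, even if the purge job did not run while the vehicle was parked or out of contact.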
While automatic deletion of biometric data is desirable to help protect personally identifiable information, it is often difficult to anticipate how long a particular user will actively use a vehicle. Conservatively choosing a shorter sunset duration for deleting the biometric data provides better security but causes inconvenience when the data expires before the user has completed their use of the vehicle. Therefore, an improved system for automatically deleting biometric data is needed.